UC Davis

Physical device safety is typically implemented locally using embedded controllers, while operations safety is primarily performed in control centers. Safe operations can be enhanced by correct design of device-level control algorithms, and protocols, procedures and operator training at the control-room level, but all can fail.  Moreover, these elements exchange data and issue commands via vulnerable communication layers.  In order to secure these gaps and enhance operational safety, we believe monitoring of command sequences must be combined with an awareness of physical device limitations and automata models that capture safety mechanisms.  One way of doing this is by leveraging specification-based intrusion detection to monitor for physical constraint violations. The method can also verify that physical infrastructure state is consistent with information and commands exchanged by controllers.  This additional security layer enhances protection from both outsider attacks and insider mistakes.  We discuss means for accomplishing this, in addition to our own approach.